LeadCooker and GDPR

Last updated: May 24, 2018

In 2016, the European Commission approved and adopted the new General Data Protection Regulation (GDPR). This new piece of legislation has had a great impact on anyone whose business involves handling personal data about EU residents or within the EU. It will come into effect on May 25, 2018.

This article provides an overview of the data-related roles and responsibilities that apply when you’ve chosen LeadCooker as your email automation platform, and explains LeadCooker’s efforts to live up to the values and requirements of the GDPR.

What is considered “personal data”?

Per the GDPR, personal data is any information relating to an identified or identifiable individual; meaning, information that could be used, on its own or in conjunction with other data, to identify an individual. Consider the extremely broad reach of that definition. Personal data will now include not only data that is commonly considered to be personal in nature (e.g. names, physical addresses, email addresses), but also data such as IP addresses, behavioral data, location data, financial information, and much more.

What personal information do we collect?

We collect the email addresses of those who communicate with us via email. When you browse our marketing pages, we track that for analytical purposes (conversion rates and testing new designs). We’ll also store any information you voluntarily submit (for example, filling out a survey) for the duration of the research project or as long as it makes sense.

When you sign up for LeadCooker, we ask for your name, email address, country, and company name. This allows us to personalize your new account, and send you invoices, updates, or contact you concerning your account.

LeadCooker acknowledges that EU and Swiss individuals have the right to access the personal information that we maintain about them. An EU or Swiss individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct their query to team@leadcooker.com. If requested to remove data, we will respond within a reasonable timeframe.

LeadCooker as the data processor

Users of LeadCooker can store any type of information in LeadCooker, but LeadCooker does not access or share that data, and does not know what type of data you or other users are storing. The data is only used by the account owner and invited users as they intend to use it.

Therefore, the data you store in LeadCooker is your data subjects’ data, and you are considered the data controller for this personal data. Using the LeadCooker app to manage your contacts and organizations means that you have engaged LeadCooker as a data processor to carry out certain processing activities on your behalf.

Sensitive personal data, such as health information or information that reveals a person’s racial or ethnic origin, will require even greater protection. You should not store data of this nature within your LeadCooker account.

LeadCooker as the data controller

Additionally, LeadCooker acts as the data controller for the personal data we collect about you, the user of our web app, mobile app, and website.

First and foremost, we process data that is necessary for us to perform our contract with you.

Second, we process your personal data for our legitimate interests in line with GDPR. What are these ‘legitimate interests’ we talk about?

Improving the app to help you reach new levels of productivity.

Making sure that your data and LeadCooker’s systems are safe and secure.

Responsible marketing of our product and its features.

As the controller for your personal data, LeadCooker is committed to respecting all your rights under the GDPR. If you have any questions or feedback, please reach out at team@leadcooker.com.

Does it matter whether you are a controller or a processor?

If you access personal data, you do so as either a controller or a processor, and there are different requirements and obligations depending on which category you are in. A controller is the organization that determines the purposes and means of processing personal data. A controller also determines the specific personal data that is collected from a data subject for processing.

A processor is the organization that processes the data on behalf of the controller.

Controllers will retain primary responsibility for data protection (including, for example, the obligation to report data breaches to data protection authorities); however, the GDPR does place some direct responsibilities on the processor, as well. Accordingly, it is important to understand whether you are acting as a controller or a processor, and to familiarize yourself with your responsibilities accordingly.

In the context of the LeadCooker application and our related services, in the majority of circumstances, our customers are acting as the controller. Our customers, for example, decide what information is uploaded or transferred into their LeadCooker account (our ecosystem).

Does GDPR require that my information be stored in the EU?

No. Under GDPR, a company is allowed to transfer personal data outside of the EU provided that it puts in place a mechanism, approved under GDPR, to make sure that personal data is adequately protected even when it is transferred outside of the EU.

Is LeadCooker using third parties to process data?

LeadCooker, just like any other business, currently uses third-party Subprocessors to provide various business functions like business analytics, cloud infrastructure, email notifications, payments, and customer support.

We’ve listed our Subprocessors below. We will keep this page up to date; please check back regularly to get updates on all changes.

| Entity Name    | Subprocessing Activities | Entity Country |
|----------------|--------------------------|----------------|
| Digital Ocean  | Cloud Infrastructure     | United States  |
| Paddle         | Payments                 | United States  |
| Intercom, Inc. | Customer Support         | United States  |
| Google Inc.    | Analytics                | United States  |

Security and Storage

The LeadCooker website and Service have industry standard security measures in place to protect against the loss, misuse, and alteration of the information under our control. While there is no such thing as “perfect security” on the Internet, we will take all reasonable steps to ensure the safety of your information.

All data is encrypted via SSL/TLS when transmitted from our servers to your browser. The database backups are also encrypted. Data isn’t encrypted while it’s live in our database (since it needs to be ready to send to you when you need it), but we go to great lengths to secure your data at rest.

Cookies

When you use the LeadCooker Service we and our vendors may use “cookies”, “web beacons”, and similar devices to track your activities. These small pieces of information are stored on your hard drive, not on the LeadCooker website.

We use cookies to help you navigate the LeadCooker website and Service as easily as possible, and to remember information about your current session. We do not use this technology to spy on you or otherwise invade your privacy. You can disable cookies and tracking technologies through your web browser; however, doing so may render the LeadCooker Service unusable.

Questions

We are working with our customers to answer any questions and address any concerns regarding how we protect their personal data, and we are gearing up for GDPR. If you have any questions, please don’t hesitate to contact us at team@leadcooker.com.